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DETAILED ACTION 

Priority 

1 . Applicant's claim for benefit of domestic priority under 35 U.S.C. 1 19(e) is 
acknowledged. 

The application is filed on 9/21/2004 but has a U.S. provisional application 
number 60/481,407 filed on 9/22/2003. 

Specification 

2. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code (SPEC: Page 3 Para [001 1]). Applicant is 
required to delete / re-write the embedded hyperlink and/or other form of browser- 
executable code. See MPEP § 608.01. 

Double Patenting 

The nonstatutory provisional double patenting rejection is based on a judicially 
created doctrine grounded in public policy (a policy reflected in the statute) so as to 
prevent the unjustified or improper timewise extension of the "right to exclude" granted 
by a patent and to prevent possible harassment by multiple assignees. See In re 
Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887. 
225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 
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(CCPA 1982); In re Vogel, 422 F.2d 438. 164 USPQ 619 (CCPA 1970); and In re 
Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1.130(b). 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

3. Claims 1. 13 and 24 (& dependent claims 2 - 7. 9, 12, 14-18, 20, 23, 25 - 29, 
31 and 34) are rejected under the judicially created doctrine of obviousness-type 
provisional double patenting as being unpatentable over claims 1,11 and 20 (& 
dependent claims 2-4, 6.8-10, 12, 13. 15, 17-19,21,23, 25 and 26) of U.S. Patent 
Copending Application No 10/711,495. Although the conflicting claims are not identical, 
they are not patentably distinct from each other because (a) the instant application is 
directed toward an authentication of a email and the copending application is directed 
toward an authentication of a URL link; however, the method of using a URL link to 
deliver an email is considered and recognized as obvious and well-known in the field at 
the time the invention was made - for example, a well-known content bearing WebDAV 
is a technology that stands for "Web Distributed Authoring and Versioning"; by using 
WebDAV, one just need to send the HTTP / URL link associated with the email instead 
of emailing the entire file (see the following Office action below: accessing an email 
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message remotely between a client browser and an internet server), and (b) the 
"authenticity mark" as recited in the instant application is equivalent to the "originator 
identifier and encrypted data" as recited in Copending Application No 10/711,495. 

This is a provisional obviousness-tvpe double patenting rejection because the 
conflicting claims have not in fact been patented. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless » 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1, 3 - 9, 10, 13 - 20, 21, 24 - 29 - 32 are rejected under 35 
. U.S.C. 102(e) as being anticipated by Garib (U.S. Patent 6,728,378). 

As per claim 1, Garib teaches a computer program, embodied on a computer 
readable storage medium, for assisting a user to determine whether an email 
comes from a purported originator (Garib: Column 12 Line 60 - 63 and Column 16 
Line 26 - 27: a claimed source of an email message is indeed a purported originator), 
the computer program comprising: 
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a code segment that determines with a computerized system whether the 
email includes an authenticity mark including an originator identifier and 
encrypted data (Garib: Column 12 Line 60 - 63, Column 6 Line 30 - 35, Column 16 
Line 26 - 27 and Column 7 Line 5-12: both of the claimed source (considered as an 
originator identifier) and the encrypted message hash value embedded on the email 
message are qualified to serve as an authenticity mark for validating the integrity of 
email message); 

a code segment that decrypts said encrypted data based on said originator 
identifier, into decrypted data (Garib: Column 15 Line 20 - 23: (a) a data element is 
encrypted at the sender by using its private key (b) the receiving entity knows the 
corresponding public key of the sender and (c) the receiving entity decrypts. the data to 
ensure the validity of the received signature / encrypted hash value); 

a code segment that presents to the user on a display unit (Garib: Column 
12 Line 65-66): 

whether the email includes said authenticity mark (Garib: Column 16 Line 23 

-29); 

whether said encrypted data decrypts successfully; and information based 
on said authenticity mark and said decrypted data (Garib: Column 13 Line 51 - 59: 
the validation result is directed to the web browser to indicate / display the problem of 
the message). 
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As per claim 13 and 24, Garib teaches a system for assisting a user to determine 
whether an email comes from a purported originator (Garib: Column 12 Line 60 - 63 
and Column 16 Line 26 - 27: a claimed source of an email message is indeed a 
purported originator), the system comprising: 

a computerized system having a display unit (Garib: Column 12 Line 65 - 66); 

a logic in said computerized system that determines whether the email includes 
an authenticity mark including an originator identifier and encrypted data (Garib: Column 
12 Line 60 - 63, Column 6 Line 30 - 35, Column 16 Line 26 - 27 and Column 7 Line 5 
-12: both of the claimed source (considered as an originator identifier) and the 
encrypted message hash value embedded on the email message are qualified to serve 
as an authenticity mark for validating the integrity of email message); 

a logic in said computerized system that decrypts said encrypted data based on 
said originator identifier, into decrypted data (Garib: Column 15 Line 20 - 23: (a) a data 
element is encrypted at the sender by using its private key (b) the receiving entity knows 
the corresponding public key of the sender and (c) the receiving entity decrypts the data 
to ensure the validity of the received signature / encrypted hash value); 

a logic in said computerized system that that presents to the user, on said display 
(Garib: Column 12 Line 65 - 66): 

whether the email includes said authenticity mark (Garib: Column 16 Line 23 - 

29); 

whether said encrypted data decrypts successfully; and information based on 
said authenticity mark and said decrypted data (Garib: Column 13 Line 51 - 59: the 
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validation result is directed to the web browser to indicate / display the problem of the 
message). 

As per claim 3, 14 and 25, Garib teaches said code segment (that determines) 
runs as a service in said computerized system (Garib: Column 13 Line 32 - 35 and 
Column 12 Line 55 - 63: running as an internet HTTP web browser email account 
service including the authentications). 

4 

As per claim 4, 15 and 26, Garib teaches said code segment (that determines) 
includes a hypertext transport protocol (HTTP) server (Garib: Column 2 Line 32 - 38, 
Column 3 Line 4-15: world wide web email account access via a HTTP server and a 
client web browser). 

As per claim 5, 16 and 27, Garib teaches said code segment (that determines) 

f 

listens at a port in said computerized system for a request for hypertext markup 
language (HTML) content and extracts said authenticity mark from a uniform resource 
locator (URL) link requesting said HTML content (Garib: Column 2 Line 32 - 38: 
extracting email message formatted in HTML that includes a authenticity mark and can 
be accessed from www (i.e. a URL link) - Examiner notes any www/HTTP protocol 
must include a IP address (either a public or a private IP address) and an associated 
port (either a assigned / fixed or a dynamic port)). 
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As per claim 6, 17 and 28, Garib teaches said code segment (that presents) 
further presents information to the user based on said originator identifier (Garib: 
Column 15 Line 20 - 23: the receiving entity uses the public key corresponding to the 
sender (i.e. originator identifier) to decrypt the data and presents the decrypted 
information to the user). 

As per claim 7. 18 and 29, Garib teaches a code segment that matches said 
originator identifier to one of a plurality of registered originators maintained in a storage 
unit, to retrieve a decryption key associated with said originator identifier for use by said 
code segment that decrypts (Garib: Column 15 Line 20 - 23 / Line 39 - 41 and Column 
16 Line 25 - 26: the receiving entity decrypts the email message and checks the 
received hash value by using the public key from stored memory to validate the claimed 
source). 

As per claim 8, 19 and 30, Garib teaches said code segment (that determines) 
compares a checksum from said authenticity mark against contents of the email; and 
said code segment (that presents) further presents to the user information based on 
said checksum (Garib: Column 6 Line 30 - 35 and Column 13 Line 51 - 59: a hash / 
checksum value is generated the entire email content). 

* 

As per claim 9, 20 and 31 , Garib teaches said code segment (that decrypts) 
employs a public key of said purported originator (Garib: Column 15 Line 20 - 23 / Line 
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39 - 41 and Column 16 Line 25 - 26: theTeceiving entity decrypts the email message 
and checks the received hash value by using the public key from stored memory to 
validate the claimed source) . 

As per claim 10, 21 and 32, Garib teaches said code segment (that decrypts) 
extracts at least one of a timestamp, a topic, and a user identifier from said encrypted 
data; and said code segment that presents further presents to the user information 
based on at least one of said timestamp, said topic, and said user identifier (Garib: 
Column 12 Line 55 - 59, Column 13 Line 51 - 59: the decrypted email message that 
must include a sender identifier / topic is directed to the web browser for display). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

• A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Garib 
(U.S. Patent 6.728.378), and in view of Dunnion et al. (U.S. Patent 2002/0199119). 

As per claim 2. Garib does not disclose expressly the computer program is 
digitally signed. 
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Dunnion teaches the computer program is digitally signed (Dunnion: Para [0099]: 
the entire downloaded program can be digitally signed for security reason to ensure that 
the software downloaded is actually that provided by the supplier and has not been 
replaced or altered). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Dunnion within the system of Garib 
because (a) Garib teaches encrypting / decrypting an email message and to 
authenticate the requesting user with a signed data signature / hash value (Garib: 
Column 12 Line 60 - 63, Column 16 Line 26 - 27 and Column 7 Line 5 - 12), and (b) 
Dunnion teaches providing a method of a security services system where not only the 
data files and email traffic need to be secured but also the entire downloaded program 
can be digitally signed for security reason to ensure that the software downloaded is 
actually that provided by the supplier and has not been replaced or altered (Dunnion: 
Para [0005] and Para [0099]). 

6. Claims 1 1, 22 and 33 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Garib (U.S. Patent 6,728.378). in view of Connery (U.S. Patent 6.606.709). 

As per claim 1 1, 22 and 33, Garib does not disclose a code segment that 
compares said timestamp to preset timeliness criteria; and wherein said code segment 
that presents emphasizes said information based on said timestamp when said 
timeliness criteria are deviated from. 
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Connery teaches a code segment that compares said timestamp to preset 
timeliness criteria; and wherein said code segment that presents emphasizes said 
information based on said timestamp when said timeliness criteria are deviated from 
(Connery: Column 8 Line 16 ~ 22: a timestamp test in a remote management system by 
using a timestamp field that carries the time when the management system sent 
message and the end system checks the timestamp to determine whether it is within a 
pre-specified time window D seconds in width, i.e., current time - 0.5 D <= timestamp 
<= current time + 0.5 * D). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Connery within the system of Garib 
because (a) Garib teaches accessing an email message remotely between a client 
browser and an internet server; and encrypting / decrypting an email message and 
further authenticate the requesting user with a signed data signature / hash value 
(Garib: Column 12 Line 60 - 63, Column 16 Line 26 - 27 and Column 7 Line 5-12), 
and (b) Connery teaches providing an enhanced security mechanism in a remote 
management system by using a timestamp test that includes a timestamp field carrying 
the time when the management system sent message and the end system checks the 
timestamp to detemiine whether it is within a pre-specified time window (Connery: 
Column 8 Line 16-22). 
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7. Claims 12, 23 and 34 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Garib (U.S. Patent 6,728,378), and in view of Haitsuka et al. (U.S. Patent 
6,766,369). 

As per claim 12, 23 and 34, Garib does not disclose said code segment that 
presents employs a dialog box that only software running locally in said computerized 
system can provide, thereby avoiding confusion with a remotely generated browser 
window. 

Haitsuka teaches said code segment that presents employs a dialog box that 
only software running locally in said computerized system can proyide, thereby avoiding 
confusion with a remotely generated browser window (Haitsuka: Column 7 Line 35 - 37, 
Column 8 Line 44 - 47 and Column 10 Line 49 - 52: the display can have not only a 
browser window but also a client window; where the client window is generated / 
controlled by the local client application). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Haitsuka within the system of Garib 
because (a) Garib teaches accessing an email message remotely between a client 
browser and an internet server; and encrypting / decrypting an email message and 
further authenticate the requesting user with a signed data signature / hash value 
(Garib: Column 12 Line 60 - 63, Column 16 Line 26 - 27 and Column 7 Line 5-12), 
and (b) Haitsuka teaches providing a flexible mechanism with a display having not only 
a browser window but also a client window; where the client window is generated / 
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controlled by the local client application during an internet SSL communication session 
to indicate the connection status (including the authentication for a typical SSL 
connection) for the clarity purpose to avoid being confused with the display of browser 
window (Connery: Column 7 Line 35 - 37 and Column 10 Line 49 - 52 / Line 43 - 45). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300, 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 

1 



published applications may be obtained from either Private PAIR or Public PAIR. 
Status Information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Longbit Chai, Ph.D. 
Patent Examiner 
Art Unit 21 31 
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